Written February 2007
Updated January 2008
Desktop Security
The biggest issue here is not the damage to your computer, but the damage to
your business. If one of your desktops got infected by a keylogger, and the
mastermind behind it captured your employees' usernames and passwords, that
person could log in and start stealing data - data like credit card numbers.
Anything stored on your network is vulnerable and can be used to take
something from you without permission, or via blackmail.
I will briefly discuss three steps that are important to keeping your
computers and data secure.
Desktop Antivirus Software
There are many vendors selling their version of antivirus, accompanied
usually by their version of a firewall, anti-spyware, and anti-adware
(called PUPS - Potentially Unwanted Programs). I prefer to stick with the
larger vendors that sell to thousands of customers, e.g. Microsoft,
Symantec, BitDefender and Computer Associates.
In the end, it really does not matter which one of these you choose. Their
protection is at about the same level, and each has its pros and cons.
Sure, some report may say that one is marginally better than the other, but
then next year, or next month, things change. You'd be hard pressed to truly
find an unbiased report anyways. Long story short, if they are a large
vendor, they have too much at risk. It is not worth the time to split hairs
to determine which package was marginally better last year and assume
they'll keep it up this year. Besides, you should not rely on antivirus
alone to maintain security.
The single most important factor to consider is the package's ability to
detect a virus or virus-like activity.
One thing to avoid is software that pops up, telling you it did something
every 5 seconds. Security is their job, not yours - it should not hinder
your work. A good program will not ask for your input on benign operations,
but many do this to make you believe it's "doing a good job".
I used to use McAfee religiously, but in the past few years, the software
has become a little too upselling for me and lackadaisical on the "detection".
We've also experienced many issues: try not to use McAfee's firewall and
you'll have to ignore the warning that you're not protected. Most of the
time, you must use *everything* or McAfee will warn continually that your
PC is about to explode.
Norton is a hog. Oink, oink! It's huge, slow, and installs about 89 things
to make it run.
Computer Associates is good. Fairly lightweight and behind the scenes.
Good choice.
I know I'll get some flak for this, but we have recommended Microsoft's OneCare.
First, it does not slow a computer down (one reason we started removing
Norton and installing OneCare for clients). Second, it only momentarily and
discreetly notifies you of benign issues. Lastly, it has a few features that
make maintenance a little easier. Many people got on top of Microsoft when
it started selling antivirus, saying it was a conflict of interest. If that
were true, then one would have to believe that extended warranties are a
conflict of interest. If you buy a $3000 Xerox printer and I come along and
throw my Diet Coke inside it, should Xerox fix it? Should Xerox have been
more thoughtful and made a hermetic seal around all parts and provided an
internal blower system to quickly dry out mass amounts of liquids? Sure they
should have, but nothing is perfect, and the future always holds something
new.
Currently we install BitDefender for our clients. It carries an
attractive price tag and performs extremely well in the "detection arena".
Please note that ANY of the above titles (and others) are perfectly fine to
use. This is really only one third of your protection anyhow.
Human & Third Party Scanners
Much can be said for an actual human familiar with the PC inspecting your
system.
Periodic inspection of your process list is important. The process list
shows everything currently running on the computer. Right-click on the
taskbar and choose Task Manager. Click the Processes tab. You can type all
these program names (e.g., foo.exe) into Uniblue (www.liutilities.com) and
get a pretty accurate description of what it is. If you find something that
does not sound right to you, have someone inspect further.
Check your startup configurations - this list includes anything additional
that starts up when Windows boots. Click Start, Run and type 'msconfig'.
Click on the tab titled Startup. Do the same thing here and look up names, or
catch a clue from the "path" it is using.
Periodically go through your Add/Remove Programs list in Control Panel. See
if any programs got installed without your knowledge.
Download and periodically run Microsoft's Malicious Software Removal Tool.
Download and periodically run Microsoft's Rootkit Revealer. It can detect
all rootkits published on www.rootkit.com.
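The three manual checks above (process list, startup entries, installed programs) can be collected in one read-only pass and reviewed by a person. This is an added example, not part of the original article; it assumes Windows PowerShell 3.0 or later, and the folder patterns and the Get-ReviewNote helper are illustrative choices made for this example.

```powershell
# Read-only inventory for human review; it changes nothing on the machine.
# Folder patterns are review heuristics chosen for this example, not a verdict:
# legitimate software also runs from these locations.
$userWritable = '\\(AppData|Temp|Users\\Public|ProgramData|Downloads)\\'

function Get-ReviewNote {
    # Hypothetical helper: returns '' when nothing about the path stands out.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return 'no path visible (try an elevated prompt)' }
    $notes = @()
    if ($Path -match $userWritable) { $notes += 'runs from a user-writable folder' }
    if (Test-Path -LiteralPath $Path) {
        # An unsigned file is a prompt to look closer, not proof of malware.
        $sig = Get-AuthenticodeSignature -FilePath $Path
        if ($sig.Status -ne 'Valid') { $notes += "signature: $($sig.Status)" }
    } else {
        $notes += 'file not found on disk'
    }
    return ($notes -join '; ')
}

# 1. Running processes (Task Manager, Processes tab), one row per executable.
#    Ids 0 and 4 are the Idle and System pseudo-processes, which have no file.
Get-Process | Where-Object { $_.Id -notin 0, 4 } |
    Select-Object Name, Path -Unique |
    Select-Object Name, Path, @{ n = 'Review'; e = { Get-ReviewNote $_.Path } } |
    Where-Object Review |
    Format-Table -AutoSize -Wrap

# 2. Startup entries (msconfig, Startup tab): Run keys and Startup folders.
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User,
        @{ n = 'UserWritable'; e = { $_.Command -match $userWritable } } |
    Format-Table -AutoSize -Wrap

# 3. Installed programs (Add/Remove Programs), most recently installed first.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object DisplayName |
    Sort-Object InstallDate -Descending |
    Select-Object DisplayName, Publisher, InstallDate -First 25 |
    Format-Table -AutoSize
```

Saving the output on a known-clean machine gives a baseline, so later runs only need a review of what is new.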
Data Protection
This is a very important part of security. Even if someone cracks into your
network or PC, you can minimize your exposure by ensuring the data is
useless to them. There is really no way to accomplish this other than to
use third party encryption programs, the most accepted being PGP.
PGP has a very cool utility called Netshare; we find that it fits into many
small businesses' workflows. Netshare allows each user to make a PGP key that
is unique to them. This "key" needs a passphrase to operate. A user can
encrypt data on their computer or network storage, and choose other people
to have access to the files. So, Bob in accounting can encrypt his files,
but add Cheryl in accounting and Chris in Payroll to have access by simply
adding them to the list of users for those files.
Each person needs to purchase PGP Netshare, create a public and private key,
and set their passphrase. Everyone, no matter their position, can share
their keys, so when you want to allow someone access, you simply drag their
key into the "allowed keys" pool. PGP Netshare uses PGP Desktop to
configure, and is very simple and intuitive. PGP Desktop also comes with the
ability to shred files, which makes deleted files permanently unrecoverable.
When in Doubt
Not many people are completely comfortable with PCs and how to maintain them.
So, when in doubt, ask a professional - like us, or your local computer repair
consultant, and choose wisely.